验证 DKIM-Signature 的正确方法(b= 部分)
Proper way to validate DKIM-Signature (b= part)
我正在尝试开发我的家庭电子邮件服务器(在服务器端使用 NodeJS,但它并不重要,因为我试图找出原理)。
我使用 this documentation 来指导自己完成 DKIM-Signature 验证例程,但它需要一些复杂的步骤,我无法弄清楚我的错误在哪里。对于电子邮件示例,我使用了从 Mail.ru 服务器发送的电子邮件。它应该是完全有效的。这是 header:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2;
h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From; bh=gCWDSCJf58CbaR+wjAV9dydu9JTKkvo1o+0zkj8bNr0=;
b=pheltY+k/mio2x4CFQV8cXZxNiR7oSTkIsWTOZa1CGpEyK8KVSHY07OWSdZ1aFVtuaV32PbI0mNY0yliuqIbYTsnreFUYFM/iVR5PU74QHAe8yp46ydAYRbzLQu8dy+AkFhPtEdb8CAgoZKXgPLc888/Q6MsVAh6iH1L3SZj87Y=;
Received: by f427.i.mail.ru with local (envelope-from <[my name]@mail.ru>)
id 1dbP18-0003I9-L7
for madbr@[domain]; Sat, 29 Jul 2017 13:30:42 +0300
Received: by e.mail.ru with HTTP;
Sat, 29 Jul 2017 13:30:42 +0300
From: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
To: madbr@[domain]
Subject: =?UTF-8?B?UmU6IA==?=
MIME-Version: 1.0
X-Mailer: Mail.Ru Mailer 1.0
Date: Sat, 29 Jul 2017 13:30:42 +0300
Reply-To: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
X-Priority: 3 (Normal)
Message-ID: <1501324242.448202607@f427.i.mail.ru>
Content-Type: multipart/mixed;
boundary="----uEhsLqzDWmmGeA9EZ3XNsqSIGjlgVTmA-NI9QMhpqxNHWLEDT-1501324242"
Authentication-Results: f427.i.mail.ru; auth=pass smtp.auth=[my name]@mail.ru smtp.mailfrom=[my name]@mail.ru
X-7FA49CB5: 0D63561A33F958A58B4AE7CD4FB69874B38CA0D04717BA57612FFEEC28D99E31725E5C173C3A84C325A81A29FB5043FD044813140D6DB928F1C9CF18C8EB2269C4224003CC836476C0CAF46E325F83A50BF2EBBBDD9D6B0F2AF38021CC9F462D574AF45C6390F7469DAA53EE0834AAEE
X-Mailru-Sender: 080178E06F6B3F48806FD386034E228604900381AF51F7DD303A634C9E25199A8DFBC783E67F8C0305D8C6CDFE81985CCFB2E39DA8E91CCEEEC687A792225BA622DF1A08BD40178CA471C22AD050A14893AC9912533B2342AE208404248635DF
X-Mras: OK
X-Spam: undefined
In-Reply-To: <1500037364.788302144@mx47.mail.ru>
References: <1500037364.788302144@mx47.mail.ru>
验证说明说:
In hash step 1, the Signer/Verifier MUST hash the message body,
canonicalized using the body canonicalization algorithm specified in
the "c=" tag and then truncated to the length specified in the "l="
tag. That hash value is then converted to base64 form and inserted
into (Signers) or compared to (Verifiers) the "bh=" tag of the DKIM-
Signature header field.
In hash step 2, the Signer/Verifier MUST pass the following to the
hash algorithm in the indicated order.
1. The header fields specified by the "h=" tag, in the order
specified in that tag, and canonicalized using the header
canonicalization algorithm specified in the "c=" tag. Each
header field MUST be terminated with a single CRLF.
2. The DKIM-Signature header field that exists (verifying) or will
be inserted (signing) in the message, with the value of the "b="
tag (including all surrounding whitespace) deleted (i.e., treated
as the empty string), canonicalized using the header
canonicalization algorithm specified in the "c=" tag, and without
a trailing CRLF.
第一步很简单:我收到消息 body,使用
对其进行规范化
relaxed: function (data) {
return data.replace(/[ \t]+\r\n/g, '\r\n').replace(/[ \t]+/g, ' ').replace(/\r\n{2,}$/g, CONST.CRLF);
}
并创建了 sha256(根据 a= 标签)它的散列。它与 DKIM-Signature header 中的 bh= 标签匹配,但我很高兴。
下一步,我将执行以下操作:
1) 按照 h= 签名标签中给出的顺序从消息中获取所有必需的 headers。
References: <1500037364.788302144@mx47.mail.ru>
In-Reply-To: <1500037364.788302144@mx47.mail.ru>
Content-Type: multipart/mixed;
boundary="----uEhsLqzDWmmGeA9EZ3XNsqSIGjlgVTmA-NI9QMhpqxNHWLEDT-1501324242"
Message-ID: <1501324242.448202607@f427.i.mail.ru>
Reply-To: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
Date: Sat, 29 Jul 2017 13:30:42 +0300
MIME-Version: 1.0
Subject: =?UTF-8?B?UmU6IA==?=
To: madbr@[domain]
From: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
2) 规范化:
references:<1500037364.788302144@mx47.mail.ru>
in-reply-to:<1500037364.788302144@mx47.mail.ru>
content-type:multipart/mixed; boundary="----uEhsLqzDWmmGeA9EZ3XNsqSIGjlgVTmA-NI9QMhpqxNHWLEDT-1501324242"
message-id:<1501324242.448202607@f427.i.mail.ru>
reply-to:=?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
date:Sat, 29 Jul 2017 13:30:42 +0300
mime-version:1.0
subject:=?UTF-8?B?UmU6IA==?=
to:madbr@[domain]
from:=?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
3) 获取 DKIM-Signature,删除 b= 标签并将其规范化(根据文档也删除了尾随 \r\n):
dkim-signature:v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From; bh=gCWDSCJf58CbaR+wjAV9dydu9JTKkvo1o+0zkj8bNr0==;
4) 从 DNS TXT 记录中获取 public 密钥并附加 -----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY----- 以实现 PEM 格式兼容性。
5) 最后我用标准的RSA验证函数验证了一下:
crypto.createVerify('sha256')
.update(header + dkimHeader)
.verify(publicKey, Buffer.from(signature.b, CONST.BASE64));
但是失败了,我真的不知道该怪哪个行为。
在最后一步中,我连接了 header 和 DKIM-Signature,因为我真的不明白是什么“将以下内容传递给
hash algorithm in the indicated order”的意思。尝试使用.update(header).update(dkimHeader),但没有任何区别。
谁能解释一下,我做错了什么?
来自 RFC 的 3.7. Computing the Message Hashes 部分:
In hash step 2, the Signer/Verifier MUST pass the following to the
hash algorithm in the indicated order.
- The header fields specified by the "h=" tag, in the order
specified in that tag, and canonicalized using the header
canonicalization algorithm specified in the "c=" tag. Each
header field MUST be terminated with a single CRLF.
- The DKIM-Signature header field that exists (verifying) or will
be inserted (signing) in the message, with the value of the "b="
tag (including all surrounding whitespace) deleted (i.e., treated
as the empty string), canonicalized using the header
canonicalization algorithm specified in the "c=" tag, and without
a trailing CRLF.
我突出了重要部分:只应删除值,而不是整个标记。
所以正确的最后一行输入是(注意末尾的 b=;):
dkim-signature:v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From; bh=gCWDSCJf58CbaR+wjAV9dydu9JTKkvo1o+0zkj8bNr0=; b=;
我正在尝试开发我的家庭电子邮件服务器(在服务器端使用 NodeJS,但它并不重要,因为我试图找出原理)。 我使用 this documentation 来指导自己完成 DKIM-Signature 验证例程,但它需要一些复杂的步骤,我无法弄清楚我的错误在哪里。对于电子邮件示例,我使用了从 Mail.ru 服务器发送的电子邮件。它应该是完全有效的。这是 header:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2;
h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From; bh=gCWDSCJf58CbaR+wjAV9dydu9JTKkvo1o+0zkj8bNr0=;
b=pheltY+k/mio2x4CFQV8cXZxNiR7oSTkIsWTOZa1CGpEyK8KVSHY07OWSdZ1aFVtuaV32PbI0mNY0yliuqIbYTsnreFUYFM/iVR5PU74QHAe8yp46ydAYRbzLQu8dy+AkFhPtEdb8CAgoZKXgPLc888/Q6MsVAh6iH1L3SZj87Y=;
Received: by f427.i.mail.ru with local (envelope-from <[my name]@mail.ru>)
id 1dbP18-0003I9-L7
for madbr@[domain]; Sat, 29 Jul 2017 13:30:42 +0300
Received: by e.mail.ru with HTTP;
Sat, 29 Jul 2017 13:30:42 +0300
From: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
To: madbr@[domain]
Subject: =?UTF-8?B?UmU6IA==?=
MIME-Version: 1.0
X-Mailer: Mail.Ru Mailer 1.0
Date: Sat, 29 Jul 2017 13:30:42 +0300
Reply-To: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
X-Priority: 3 (Normal)
Message-ID: <1501324242.448202607@f427.i.mail.ru>
Content-Type: multipart/mixed;
boundary="----uEhsLqzDWmmGeA9EZ3XNsqSIGjlgVTmA-NI9QMhpqxNHWLEDT-1501324242"
Authentication-Results: f427.i.mail.ru; auth=pass smtp.auth=[my name]@mail.ru smtp.mailfrom=[my name]@mail.ru
X-7FA49CB5: 0D63561A33F958A58B4AE7CD4FB69874B38CA0D04717BA57612FFEEC28D99E31725E5C173C3A84C325A81A29FB5043FD044813140D6DB928F1C9CF18C8EB2269C4224003CC836476C0CAF46E325F83A50BF2EBBBDD9D6B0F2AF38021CC9F462D574AF45C6390F7469DAA53EE0834AAEE
X-Mailru-Sender: 080178E06F6B3F48806FD386034E228604900381AF51F7DD303A634C9E25199A8DFBC783E67F8C0305D8C6CDFE81985CCFB2E39DA8E91CCEEEC687A792225BA622DF1A08BD40178CA471C22AD050A14893AC9912533B2342AE208404248635DF
X-Mras: OK
X-Spam: undefined
In-Reply-To: <1500037364.788302144@mx47.mail.ru>
References: <1500037364.788302144@mx47.mail.ru>
验证说明说:
In hash step 1, the Signer/Verifier MUST hash the message body,
canonicalized using the body canonicalization algorithm specified in
the "c=" tag and then truncated to the length specified in the "l="
tag. That hash value is then converted to base64 form and inserted
into (Signers) or compared to (Verifiers) the "bh=" tag of the DKIM-
Signature header field.
In hash step 2, the Signer/Verifier MUST pass the following to the
hash algorithm in the indicated order.
1. The header fields specified by the "h=" tag, in the order
specified in that tag, and canonicalized using the header
canonicalization algorithm specified in the "c=" tag. Each
header field MUST be terminated with a single CRLF.
2. The DKIM-Signature header field that exists (verifying) or will
be inserted (signing) in the message, with the value of the "b="
tag (including all surrounding whitespace) deleted (i.e., treated
as the empty string), canonicalized using the header
canonicalization algorithm specified in the "c=" tag, and without
a trailing CRLF.
第一步很简单:我收到消息 body,使用
对其进行规范化 relaxed: function (data) {
return data.replace(/[ \t]+\r\n/g, '\r\n').replace(/[ \t]+/g, ' ').replace(/\r\n{2,}$/g, CONST.CRLF);
}
并创建了 sha256(根据 a= 标签)它的散列。它与 DKIM-Signature header 中的 bh= 标签匹配,但我很高兴。
下一步,我将执行以下操作:
1) 按照 h= 签名标签中给出的顺序从消息中获取所有必需的 headers。
References: <1500037364.788302144@mx47.mail.ru>
In-Reply-To: <1500037364.788302144@mx47.mail.ru>
Content-Type: multipart/mixed;
boundary="----uEhsLqzDWmmGeA9EZ3XNsqSIGjlgVTmA-NI9QMhpqxNHWLEDT-1501324242"
Message-ID: <1501324242.448202607@f427.i.mail.ru>
Reply-To: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
Date: Sat, 29 Jul 2017 13:30:42 +0300
MIME-Version: 1.0
Subject: =?UTF-8?B?UmU6IA==?=
To: madbr@[domain]
From: =?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
2) 规范化:
references:<1500037364.788302144@mx47.mail.ru>
in-reply-to:<1500037364.788302144@mx47.mail.ru>
content-type:multipart/mixed; boundary="----uEhsLqzDWmmGeA9EZ3XNsqSIGjlgVTmA-NI9QMhpqxNHWLEDT-1501324242"
message-id:<1501324242.448202607@f427.i.mail.ru>
reply-to:=?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
date:Sat, 29 Jul 2017 13:30:42 +0300
mime-version:1.0
subject:=?UTF-8?B?UmU6IA==?=
to:madbr@[domain]
from:=?UTF-8?B?0KHQtdGA0LPQtdC5?= <[my name]@mail.ru>
3) 获取 DKIM-Signature,删除 b= 标签并将其规范化(根据文档也删除了尾随 \r\n):
dkim-signature:v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From; bh=gCWDSCJf58CbaR+wjAV9dydu9JTKkvo1o+0zkj8bNr0==;
4) 从 DNS TXT 记录中获取 public 密钥并附加 -----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY----- 以实现 PEM 格式兼容性。
5) 最后我用标准的RSA验证函数验证了一下:
crypto.createVerify('sha256')
.update(header + dkimHeader)
.verify(publicKey, Buffer.from(signature.b, CONST.BASE64));
但是失败了,我真的不知道该怪哪个行为。
在最后一步中,我连接了 header 和 DKIM-Signature,因为我真的不明白是什么“将以下内容传递给
hash algorithm in the indicated order”的意思。尝试使用.update(header).update(dkimHeader),但没有任何区别。
谁能解释一下,我做错了什么?
来自 RFC 的 3.7. Computing the Message Hashes 部分:
In hash step 2, the Signer/Verifier MUST pass the following to the hash algorithm in the indicated order.
- The header fields specified by the "h=" tag, in the order specified in that tag, and canonicalized using the header canonicalization algorithm specified in the "c=" tag. Each header field MUST be terminated with a single CRLF.
- The DKIM-Signature header field that exists (verifying) or will be inserted (signing) in the message, with the value of the "b=" tag (including all surrounding whitespace) deleted (i.e., treated as the empty string), canonicalized using the header canonicalization algorithm specified in the "c=" tag, and without a trailing CRLF.
我突出了重要部分:只应删除值,而不是整个标记。
所以正确的最后一行输入是(注意末尾的 b=;):
dkim-signature:v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:To:From; bh=gCWDSCJf58CbaR+wjAV9dydu9JTKkvo1o+0zkj8bNr0=; b=;